Apple says iOS update coming to fix new PDF exploit

A new browser-based hack that allows users to wirelessly jailbreak their iPhone, iPod touch or iPad has led to fresh concerns over the security of the iOS platform, while Apple has promised that a fix will arrive soon.

The latest version of JailbreakMe.com was released Wednesday by the iOS hacking group Dev-Team. According to the site, users can "just browse to http://www.jailbreakme.com on [their] device and install it from there." The hack resembles an earlier version of JailBreakMe that arrived last year.

But, security researchers worry that the vulnerability could allow hackers to install malware when a user clicks on a malicious PDF.

"The Jailbreakme.com exploit downloads a payload to jailbreak the phone, but it could be changed to deliver a malicious payload," security expert Charlie Miller said. He notes that this is the first exploit that can defeat Apple's ASLR (Address Space Layout Randomization)," a technique developed by the Cupertino-based company to obstruct various attacks.

Apple has responded to the concerns via spokeswoman Trudy Millar, who said: "Apple takes security very seriously. We're aware of this reported issue and are developing a fix that will be available to customers in an upcoming software update.

Jailbreaking an iOS device allows the installation of third-party apps outside of the App Store and is often used for carrier unlocks for the iPhone, though the process does void Apples warranty. Last year, the U.S. government declared jailbreaking and unlocking legal, though Apple is not obligated to support modified devices.

Those who are currently running jailbroken devices can fix the flaw by downloading the latest PDF Patcher 2 software released by the Dev-Team on the Cydia store for unsanctioned apps, while those with non-jailbroken devices will have to wait for Apple to release a fix. Last year, it took Apple nine days to release an update that solved the PDF exploit.

Tried it last night on my iPad 2 16GB WiFi. Virtually instant jailbreak. Patched with PDF Patcher 2 from Cydia. First thing I did was to put some of my favourite non-Apple-supplied fonts onto the iPad 2 (using the free Bytafont app on Cydia). Fun.

More incompetence from Apple. They desperately needed the over the air incremental updates from iOS5 about 3 years ago. Major security holes should not takes days or weeks to patch, and they certainly should not be patched by the hacking community well before Apple gets around to it.

Oh well, thanks to the Dev-Team for looking out for us while Apple sits on their hands, yet again.

Does acting like an idiot help you feel like less of a loser? Anyone with half a brain can figure out that this is a MAJOR security flaw and that Apple did not identify it or address it in a timely manner. Heck they still have not released a patch but we hope they will someday soon. It doesn't even take half a brain to figure out this has happened before multiple times. Since you don't seem to get it, I must assume you have very little brain function.

Go ahead and attack others literacy and social status if it makes you feel better about yourself, but I assure you, no one but you is impressed.